Ken,
> Many entries in my maillog show the client's IP address twice. In most
> cases it is the same, but in some cases the IP addresses differ as
> follows. The domains and IP addresses have been munged to protect the
> innocent:
>
> Dec 10 13:10:24 maildrop amavis[2805]: (02805-01) Passed CLEAN,
> [204.29.186.233] [70.79.44.125] <rgensbo xyz.net> -> <q419 zyx.com>,
>
> Using the "un-munged" log entry, the IP addresses both correlate with
> the sender domain.
> ...why each log entry shows two IP addresses and why they sometimes
> differ.

The default log template includes macros %a and %e in its report.
README.customize says:

  a  original SMTP session client IP address (empty if unknown,
     e.g. no XFORWARD)
  e  best guess of the originator IP address collected from
     the Received trace

So the first reported address is the IP address of a client
which directly connected to your MTA, i.e. the last SMTP hop.
It is the information as provided by Postfix in its XFORWARD
SMTP command.

The second address is parsed from a header. Searching through
'Received' header fields bottom up, it is the first non-private
IP address found.

When mail is delivered directly from a MUA to your MTA, both
addresses match (assuming the Received header fields are
parseable and valid). On multi-hop mail they usually differ.

Mark
_______________________________________________
AMaViS-user mailing list
AMaViS-user lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
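
The bottom-up Received search and the two-address comparison described in the reply above, as an added Python example; it is not part of the original message and not amavisd-new's own code. The function names, the example.net/example.org hostnames, the IPv4-only matching and the log regex (which assumes the layout of the quoted entry) are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Bracketed IPv4 literals only; IPv6 is left out to keep the example short.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumes the layout of the entry quoted above: "... VERDICT, [%a] [%e] ..."
LOG_ENTRY = re.compile(r"amavis\[\d+\]: \(\S+\) [^,]+, \[([^\]]*)\] \[([^\]]*)\]")

def originator_guess(raw_message):
    """Return the first non-private IP found walking Received fields bottom-up."""
    received = message_from_string(raw_message).get_all("Received", [])
    for field in reversed(received):          # bottom of the trace = oldest hop
        for literal in BRACKETED_IP.findall(field):
            try:
                ip = ipaddress.ip_address(literal)
            except ValueError:                # e.g. [999.1.1.1] in a malformed field
                continue
            if not ip.is_private:             # RFC 1918, loopback, link-local, reserved
                return str(ip)
    return None

def hop_relation(log_line):
    """Classify a log entry by comparing the two reported addresses."""
    m = LOG_ENTRY.search(log_line)
    if m is None:
        return None
    client, origin = m.groups()
    if not client or not origin:
        return "unknown"                      # e.g. no XFORWARD, unparseable trace
    return "direct" if client == origin else "multi-hop"

# Constructed sample: abbreviated headers reusing the munged addresses from the post.
SAMPLE_MESSAGE = """\
Received: from relay.example.net (relay.example.net [204.29.186.233])
\tby maildrop.example.org (Postfix) with ESMTP id 0000000000
Received: from home-pc (unknown [70.79.44.125])
\tby relay.example.net (Postfix) with ESMTP id 1111111111
Received: from [192.168.1.10] (localhost [127.0.0.1])
\tby home-pc with ESMTP
Subject: constructed sample

body
"""
SAMPLE_LOG = ("Dec 10 13:10:24 maildrop amavis[2805]: (02805-01) Passed CLEAN, "
              "[204.29.186.233] [70.79.44.125] <rgensbo xyz.net> -> <q419 zyx.com>,")

if __name__ == "__main__":
    print(originator_guess(SAMPLE_MESSAGE), hop_relation(SAMPLE_LOG))
```

Received fields below the one written by your own MTA are supplied by earlier hops or by the sender, so the second address is only as trustworthy as that trace; the first address is the one your MTA observed itself.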